Keytool是个密钥和证书管理工具。它使用户能管理自己的公钥/私钥对及相关证书,用于(通过数字签名)自我认证(用户向别的用户/服务认证自己)或数据完整性以及认证服务。它还允许用户储存他们的通信对等者的公钥(以证书的形式)。
证书是来自一个实体(个人、公司等)的经数字签名的声明,它声明某些其他实体的公钥(以及其他信息)具有某一的特定值(参见证书)。当数据被数字化签名后,校验签名即可检查数据的完整性和真实性。完整性的意思是数据没有被修改或损坏过,真实性的意思是数据的确是来自声称创建了该数据和对它进行了签名的实体。
Keytool还允许用户管理在对称加密/解密(例如DES)使用的密钥。
Keytool将密钥和证书储存在一个所谓的密钥仓库中。缺省的密钥仓库实现将密钥仓库实现为一个文件。它用口令来保护私钥。
keytool英文介绍
keytool is a key and certificate management utility. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.
A certificate is a digitally signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value. (See Certificates.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data indeed comes from whoever claims to have created and signed it.
Keytool also enables users to administer secret keys used in symmetric encryption/decryption (e.g. DES).
Keytool stores the keys and certificates in a keystore.
命令:
-certreq 生成证书请求-changealias 更改条目的别名-delete 删除条目-exportcert 导出证书-genkeypair 生成密钥对-genseckey 生成密钥-gencert 根据证书请求生成证书-importcert 导入证书或证书链-importpass 导入口令-importkeysotre 从其他密钥库导入一个或所有条目-keypasswd 更改条目的密钥口令-list 列出密钥库中的条目-printcert 打印证书内容-printcertreq 打印证书请求的内容-printcrl 打印CRL文件的内容-storepasswd 更改密钥库的存储口令上述列出了所有keytool命令及实现功能。每个命令的使用细则单独查询吧。